Adobe Patched Critical Flaws in Photoshop CC and Digital Edition

Adobe has released patches for two securityvulnerability in its March Security Update. The company today released its security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions.

Both of these vulnerabilities could allow an attacker to achieve arbitrary code execution and take control of an affected system. The good news is that the company found no evidence of any exploits in the wild for these security issues.

The vulnerability in Adobe Photoshop CC, discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems.

Both updates are given a priority rating of 3, which means the vulnerabilities addressed in the updates are unlikely to be exploited in attacks, according to Adobe’s update notes.

Besides releasing security updates, Adobe also announced the long-expected shut down of its Shockwave player for Windows, for which the company will end support on 9 April. The Shockwave player for Apple macOS was discontinued on March 1, 2017.